Please do a proper LDAP and new authentication implementation
Idea shared by Joakim Ribb - 9/11/2014 at 10:55 AM
Proposed
As authentication is key in order to simplify ease of use and secure the login all the way, please add proper LDAP support (towards Active Directory and other LDAP sources). This is commodity technology so it should be easy to use.
 
Please also add other authentication mechanism towards other sources such as Microsoft Passport (or what they call it nowadays) in order to provide a better and safer solution.
B.r
Joakim Ribb

South Brains AB
www.southbrains.se

19 Replies

Reply to Thread
0
LDAP is working perfect for our company
0
If you have a domain joined server - not if you want to query multiple domains who your server is not a member of
B.r
Joakim Ribb

South Brains AB
www.southbrains.se
0
I agree with Joakin, and feel that the current LDAP "solution" is extremely inadequate and pretty useless. We host websites and email for schools, and since we use the school's domain over the web, the current very limited LDAP function won't allow for any sort of connection on port 389 like all other LDAP integration products do. It's actually a very simple process, and the code snippets for it would take less than an hour to put in place, but somebody at SmarterTools just simple needs to be "smarter" about it and put these very simple tools in place.
1
Hello,
 
i must agree. We are preparing the move to new server to our new datacenter. The new servers have a membership with our domain and we are using ldap authentification on the new server. Enabling ldap authentification for other domains is not possible because these directories are not accessible without a prior authentification. Adding a mechanism to authentification agains foreign domains would be very helpfull. A trust between our own domain and customers domains is not very comfortable.
We have also customers like schools and some small and midranged companies. So it would be very usefull.
 
An additional and very important thing is the ability to gain access by single-sign-on. Is the user using his personal domain account and access smartermail no additional authentification should be required.
 
kind regards,
Sven
0
Domains are added to the appropriate Active Directory server on a domain-by-domain basis.  This relationship is established by the SmarterMail server administrator.
 
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
This doesn't help - it is a SM limitation. Hello Joakim, Thanks for the update. I believe you, SmarterMail, will need to be part of the Active directory in order to perform a query. There is not a work around that can be done at this time for someone who is outside the domain or non-member. Thanks.
B.r
Joakim Ribb

South Brains AB
www.southbrains.se
3
This is very important. As more companies merge and others try to use centralized authentication, we will continually run up against the question of "Why can't you..." LDAP is an industry standard and should be supported as an authentication option.
 
Active Directory as currently supported, which is a "modified" version of LDAP; not sure how much more would be required to really implement the standard LDAP?
My Other suggestions: http://bit.ly/segoideas
0
This would be a great addition to V15
My Other suggestions: http://bit.ly/segoideas
0
BUMP - Any news for multi-tenant AD/LDAP?
0
Bump Bump Bump
3
I was begging them to implement this back in November of 2014, and almost 2 years later, there has been NO advancements in this area at all.  It is the reason we have moved away from SmartMail for most of our clients.  This email platform is just too limited as a solution for hosting email for multiple clients at different locations.  While the LDAP solution is actually quite easy to implement, SM has instead chosen to focus more on making things 'pretty' instead of more functional.  We even offered to pay for this option to be added to SM, as well as to provide us the source code so that we can add it into the code for them at NO COST, which they would have benefited greatly from, but they are just not interested in growing their feature set.  Their main focus is on appearance and 'cool looking' stuff instead.  
 
They could VERY easily plug in open source code from places like OpenLDAP and YoLinux to accomplish this upgrade within a day or two, but after two years, it's obvious that they are not interested in growing.  Move on to a different platform, and quit wasting your money on their constant "upgrades".
2
I recall reading in this forum that ST has been paid by others to add custom features in the past. Curious that they were not interested in your offer.
 
I and others have also commented in the past about ST adding "cool looking" features to SM, while introducing new problems and not fixing some old ones.
 
 
0
Proper  one.
0
Bump this much needed feature.
1
I see SmarterTools hasn't taken LDAP seriously yet.

I've been told SmarterMail does not have a LDAP server but just an implementation to query Active Directory. I tried to get it to work with Barracuda Networks for authentication, their tech support debugged the communications with SmarterMail and they confirmed the SmarterMail LDAP implementation does not conform, it doesn’t do the proper handshaking to establish a connection.

I think it time for SmarterMail to have a Full LDAP Server, like many other email servers do.

For my needs I need it to work like Exchange's LDAP, mainly when one does a query for users with the following mail attributes “mail,proxyAddresses”, the server returns the Primary Email Address in the “mail” column and a comma delimited list of Aliases for the Primary in the “proxyAddresses” column. Currently SmarterMail does not support the “proxyAddresses” column and returns Primary and Aliases in the “mail” column. There is currently no way to determine a Primary from an Alias.

The following page (for some reason SmarterMail is absent) shows which mail servers have LDAP. Only 2 do not, if you add SmarterMail to the page, it would be 3.


I think it would benefit SmarterMail to be added to this page and implement LDAP. Please pass this on to the appropriate people who want to make SmarterMail the best mail server ever!

1
That would be a huge + for us as well. As we slowly migrate clients who have Azue AD but yet have email with us it would be helpful. We are a moving lots of things that are cloud centric and LDAP and SSO are big parts. Being able to tell a new customer their AD is authoritative for passwords takes that part out of our hands and into their security team responsibility.Plus we would ahve a bunch less tickets to deal with.
0
Matt Petty Replied
Employee Post
@Jerry, I like that idea. I will add it as a feature request.
@Lakshan, I think that's how we actually setup our domain but I think we have a local DC that pairs with it. I will run a test with a fresh install and fresh Azure AD and see what steps are needed for this to work.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Robert Emmett Replied
Employee Post
@Lakshan, according to docs.microsoft.com, Azure AD does use LDAP.  In the account settings you can specify the Authentication Mode as Active Directory, set the AD username and AD domain. SmarterMail will then query the AD server for users and passwords. We have a task to support the proxyAddresses field in our LDAP implementation.


Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Robert:
The way we do it is spin up a second DC in Azure,  domain join it in Azure AD (1vCPU 2 GB). That server allows us to do LDAP as well as get AD exposed as we control and mange the VM. So yes your right, not directly MS does not permit it to be exposed

Reply to Thread